Valid MD-102 Dumps shared by PassLeader for Helping Passing MD-102 Exam! PassLeader now offer the newest MD-102 VCE dumps and MD-102 PDF dumps, the PassLeader MD-102 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader MD-102 dumps with VCE and PDF here: https://www.passleader.com/md-102.html (576 Q&As Dumps)
BTW, DOWNLOAD part of PassLeader MD-102 dumps from Cloud Storage: https://drive.google.com/drive/folders/1BtrjC5zCM7ulWdEy-7pL_ufD6yKRMYdK
NEW QUESTION 548
You have a Microsoft Entra tenant named contoso.com. You purchase an Android device named Device1. You need to register Device1 in contoso.com.
Solution: You use Microsoft Entra Connect.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Microsoft Entra Connect is an on-premises application that integrates your on-premises directories with Microsoft Entra ID (formerly Azure AD). It allows you to provide a common identity for accessing both cloud and on-premises resources.
https://www.microsoft.com/en-ie/download/details.aspx?id=47594
NEW QUESTION 549
You have a Microsoft 365 E5 subscription. The subscription contains devices that are Microsoft Entra joined and enrolled in Microsoft Intune. You create a user named User1. You need to ensure that User1 can rotate BitLocker recovery keys by using Intune.
Solution: From the Microsoft Entra admin center, you assign the Helpdesk Administrator role to User1.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
Helpdesk Operator is the role required to rotate Bitlocker Keys, not HelpDesk Administrator.
https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices#role-based-access-controls-to-manage-bitlocker
NEW QUESTION 550
You have a Microsoft 365 E5 subscription that contains Windows 11 devices. All the devices are onboarded to Microsoft Defender for Endpoint. You need to compare the configuration of the devices against industry standard benchmarks. What should you use?
A. Attack surface map.
B. Events.
C. Security baselines assessment.
D. Initiatives.
Answer: C
Explanation:
A security baseline profile is a customized profile that you can create to assess and monitor endpoints in your organization against industry security benchmarks. When you create a security baseline profile, you’re creating a template that consists of multiple device configuration settings and a base benchmark to compare against.
https://learn.microsoft.com/en-us/defender-vulnerability-management/tvm-security-baselines
NEW QUESTION 551
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps. You plan to perform a security audit of all the apps detected by Cloud Discovery. You need to track which apps were audited. The solution must ensure that the list of audited apps can be displayed in the cloud app catalog. What should you do?
A. Apply a custom app tag to each app.
B. Deploy Conditional Access App Control.
C. Define each app as a critical asset.
D. Generate a Cloud Discovery snapshot report.
E. Enable app governance.
Answer: A
Explanation:
Defender for Cloud Apps uses the built-in Unsanctioned app tag to mark cloud apps as prohibited for use, available in both the Cloud Discovery and Cloud App Catalog pages.
https://learn.microsoft.com/en-us/defender-cloud-apps/mde-govern
NEW QUESTION 552
You have a Microsoft 365 E5 subscription. You have a Microsoft Intune enrollment profile for Android Enterprise devices that has the following settings:
– Name: Profile1.
– Token type: Corporate-owned, fully managed.
You need to enroll a new Android device in Intune by using Profile1. What should you use to enroll the device?
A. a QR code
B. the Company Portal app
C. the Microsoft Authenticator app
D. the Intune app
Answer: A
NEW QUESTION 553
You have a Microsoft 365 Business Standard subscription and 100 Windows 10 Pro devices that are joined to Microsoft Entra. You purchase Microsoft 365 E5 licenses for all users. You need to upgrade the Windows 10 Pro devices to Windows 10 Enterprise. The solution must minimize administrative effort. Which upgrade method should you use?
A. a Microsoft Deployment Toolkit (MDT) lite-touch deployment
B. Subscription Activation
C. an in-place upgrade by using Windows installation media
D. Windows Autopilot
Answer: B
NEW QUESTION 554
You have a Microsoft 365 subscription. You have 10 computers that run Windows 10 and are enrolled in Microsoft Intune. You need to deploy the Microsoft 365 Apps for enterprise suite to all the computers. What should you do?
A. From the Microsoft Intune admin center, add an app.
B. From the Microsoft Intune admin center, create a Windows 10 and later device profile.
C. From the Microsoft Entra admin center, add an enterprise application.
D. From the Microsoft Entra admin center, add an app registration.
Answer: A
NEW QUESTION 555
You have a Microsoft 365 E5 subscription. You have a Windows device named Device1 that is enrolled in Microsoft Intune. On January 1,2024, you assign an app named App1 to Device1 as a required app. The install of App1 fails. What is the next date that Intune will attempt to install App1?
A. January 2, 2024
B. January 5, 2024
C. January 8, 2024
D. January 31, 2024
Answer: A
NEW QUESTION 556
You have a Microsoft 365 subscription that contains 500 computers that run Windows 11. The computers are Microsoft Entra joined and are enrolled in Microsoft Intune. You plan to manage Microsoft Defender for Endpoint on the computers. You need to prevent users from disabling Microsoft Defender for Endpoint. What should you do?
A. From the Microsoft Intune admin center, create an attack surface reduction (ASR) policy.
B. From the Microsoft Intune admin center, create an account protection policy.
C. From the Microsoft Defender portal, enable tamper protection.
D. From the Microsoft Intune admin center, create a device compliance policy.
Answer: C
NEW QUESTION 557
You have a Microsoft 365 E5 subscription. You need to manage operating system updates for corporate-owned Android Enterprise devices enrolled in Microsoft Intune. What should you use?
A. a compliance policy
B. an Android FOTA deployment
C. an Endpoint security policy
D. a configuration profile
Answer: D
Explanation:
If FOTA isn’t available you can use Device restrictions profiles, which work for all OEMs.
https://learn.microsoft.com/en-us/mem/intune/protect/fota-updates-android
NEW QUESTION 558
You have a Microsoft 365 subscription that contains Windows 11 devices enrolled in Microsoft Intune. You need to use Device query to identify whether a critical security patch was installed on a device. Which table should you target?
A. WindowsQfe
B. WindowsRegistry
C. FileInfo
D. OsVersion
E. SystemInfo
Answer: A
Explanation:
A QFE is often a quick update meant to fix a critical issue without waiting for the release of more comprehensive updates. It is intended for users or organizations that need an immediate solution to a specific problem.
https://learn.microsoft.com/it-it/windows/win32/cimwin32prov/win32-quickfixengineering
NEW QUESTION 559
You have a Microsoft 365 E5 subscription. All Windows devices are enrolled in Microsoft Intune. You need to deploy the Remote Help app to all the devices. The solution must minimize administrative effort. Which type of app should you deploy?
A. Windows app (Win32)
B. line-of-business (LOB)
C. Microsoft 365
D. Microsoft Store
Answer: A
Explanation:
To deploy the Remote Help app to all devices with minimal administrative effort, you should deploy it as a Windows Win32 app through Microsoft Intune. This method allows you to easily manage and update the app across all enrolled devices.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/remote-help-windows
NEW QUESTION 560
You have a Microsoft 365 E5 subscription and use Microsoft Intune. You plan to implement a Microsoft Cloud PKI solution that will deploy personal user certificates to all Windows devices. What is the minimum number of configuration profiles required to support the solution?
A. 1
B. 2
C. 3
D. 4
Answer: C
Explanation:
https://learn.microsoft.com/en-us/mem/intune/protect/microsoft-cloud-pki-configure-ca#step-3-create-certificate-profiles
NEW QUESTION 561
You have a Microsoft Entra tenant named contoso.com that contains a group named Contoso Help Desk. You need to ensure that Contoso Help Desk is added to the local Administrators group whenever a Windows device is joined to contoso.com. What should you do?
A. Assign the Cloud Device Administrator role to Contoso Help Desk.
B. Assign the Microsoft Entra Joined Device Local Administrator role to Contoso Help Desk.
C. Configure the Enterprise State Roaming settings.
D. Enable Microsoft Entra Local Administrator Password Solution (LAPS) for contoso.com.
Answer: B
Explanation:
The Microsoft Entra Joined Device Local Administrator role grants users local administrator rights on devices that are joined to Microsoft Entra ID. Users assigned to this role are added to the local administrators group on Azure AD-joined devices. This allows them to perform tasks requiring administrative privileges, such as installing applications or making system changes.
https://learn.microsoft.com/en-us/entra/identity/devices/assign-local-admin
NEW QUESTION 562
You have a Microsoft 365 E5 subscription. You need to create a dynamic device group that will contain any device that has the word Marketing in its name. Which device membership rule should you use?
A. (device.displayName -in “Marketing”)
B. (device.displayName -in “*Marketing*”)
C. (device.displayName -contains “Marketing”)
D. (device.displayName -contains “*Marketing*”)
Answer: C
Explanation:
https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership
NEW QUESTION 563
You have a Microsoft 365 E5 subscription. You need to ensure that when a Windows device is joined to the Microsoft Entra tenant, the device is enrolled automatically in Microsoft Intune. What should you configure?
A. the Windows Information Protection (WIP) user scope
B. the Enterprise State Roaming settings
C. the Microsoft Entra join and registration settings
D. the mobile device management (MDM) user scope
Answer: D
Explanation:
To configure Microsoft Intune mobile device management (MDM) enrollment settings so that corporate-owned and personal devices automatically enroll in Microsoft Intune you would use the MDM User scope. MDM user scope enables automatic enrollment for Microsoft Intune device management.
https://learn.microsoft.com/en-us/mem/intune/enrollment/quickstart-setup-auto-enrollment
NEW QUESTION 564
You have a Microsoft 365 E5 subscription. You purchase the following types of devices:
– Windows
– Android
– iOS
You plan to enroll the devices in Microsoft Intune. You need to configure enrollment restrictions. For which device types can you configure device manufacturer restrictions?
A. Android only.
B. Windows only.
C. Android and iOS only.
D. Windows and iOS only.
E. Windows, Android, and iOS.
Answer: A
Explanation:
This restriction blocks devices made by specific manufacturers, and is applicable to Android devices only. It is in the admin center under Devices –> Device onboarding –> Enrollment –> Device platform restriction.
NEW QUESTION 565
You have a Microsoft 365 E5 subscription that contains a device named Device1. Device1 is Microsoft Entra joined. You manage Device1 by using Microsoft Intune. You need to use a remote action to reset the device as quickly as possible, if the device is turned off, the action must resume after the device is powered on. Which remote action should you use?
A. Autopilot reset.
B. Wipe.
C. Retire.
D. Delete.
Answer: B
Explanation:
The Wipe action resets the device to its factory settings by removing all data, settings, and apps. If the device is powered off when you initiate the wipe, the action will automatically resume when the device is powered back on and connects to the internet.
NEW QUESTION 566
You have a Microsoft 365 subscription. You plan to enroll 25 new devices in Microsoft Intune. You need to configure an enrollment notification for the new devices. Which two types of notifications can you use? (Each correct answer presents a complete solution. Choose two.)
A. SMS
B. Microsoft Teams Message
C. phone call
D. push
E. email
Answer: DE
Explanation:
Set up enrollment notifications in Microsoft Intune to notify employees of newly enrolled devices. Enrollment notifications are sent to assigned users via your selected method: email or push notification.
https://learn.microsoft.com/en-us/mem/intune/enrollment/enrollment-notifications
NEW QUESTION 567
You have a Microsoft 365 E5 subscription and use Microsoft Intune Suite. You plan to use Intune to run remediation script packages. What should you do first in the Microsoft Intune admin center?
A. Enable Windows diagnostic data in processor configuration.
B. Enable Windows license verification.
C. Configure the Derived Credential settings.
D. Upload a Windows enterprise certificate.
Answer: B
Explanation:
An Intune Service Administrator is required to confirm licensing requirements before using Remediations for the first time.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/remediations
NEW QUESTION 568
HotSpot
You have a Microsoft Entra tenant. You are creating a dynamic device group named Group1. Group1 will include only Windows devices that are Microsoft Entra registered. How should you configure the dynamic membership rule for Group1? (To answer, select the appropriate options in the answer area.)
Answer:
Explanation:
When using deviceTrustType to create dynamic membership groups for devices, you need to set the value equal to AzureAD to represent Microsoft Entra joined devices, ServerAD to represent Microsoft Entra hybrid joined devices or Workplace to represent Microsoft Entra registered devices.
https://learn.microsoft.com/en-us/entra/identity/users/groups-dynamic-membership
NEW QUESTION 569
HotSpot
You have a Microsoft 365 E5 subscription. You plan to create a Conditional Access policy named Policy1. You need to ensure that only Passwordless MFA authentication methods are used when administrators attempt to access the Azure portal, Azure PowerShell, or Azure Command-Line Interface (CLI). How should you configure Policy1? (To answer, select the appropriate options in the answer area.)
Answer:
NEW QUESTION 570
Drag and Drop
You have a Microsoft 365 subscription that contains the following devices enrolled in Microsoft Intune:
– A corporate-owned Windows device named Device1.
– A personally-owned Android device named Device2.
You need to use a remote action on each device. The solution must meet the following requirements:
– Repurpose Device1 by returning the device to the factory default settings.
– Remove only corporate data from Device2 and remove the device from Intune when the device checks in.
Which remote action should you use on each device? (To answer, drag the appropriate remote actions to the correct devices. Each remote action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
Explanation:
Device 1: Wipe. The Wipe device action restores a device to its factory default settings. The user data is kept if you choose the Wipe device, but keep enrollment state and associated user account checkbox. Otherwise, all data, apps, and settings are removed.
Device 2: Retire. The Retire action removes managed app data (where applicable), settings, and email profiles that were assigned by using Intune. The device is removed from Intune management. Removal happens the next time the device checks in and receives the remote Retire action. The device still shows up in Intune until the device checks in.
https://learn.microsoft.com/en-us/mem/intune/remote-actions/devices-wipe
NEW QUESTION 571
Drag and Drop
You have a Microsoft 365 E5 subscription and use Microsoft Intune. You need to use Microsoft Cloud PKI to deploy personal user certificates to all Windows devices. Which four actions should you perform in sequence? (To answer move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
NEW QUESTION 572
……
Get the newest PassLeader MD-102 VCE dumps here: https://www.passleader.com/md-102.html (576 Q&As Dumps)
And, DOWNLOAD the newest PassLeader MD-102 PDF dumps from Cloud Storage for free: https://drive.google.com/drive/folders/1BtrjC5zCM7ulWdEy-7pL_ufD6yKRMYdK